Allowing DNS queries from a specific network

The idea is that when you run bind, you should not let just anyone use it as a DNS server. To do this, add the following to "named.conf.options":

acl "allow_networks" { 172.16.0.0/16; 11.81.22.0/24; };
options {
    allow-query { "allow_networks"; };

};

These lines define an access list containing the networks 172.16.0.0/255.255.0.0 (/16) and 11.81.22.0/255.255.255.0 (/24),
and further down allow queries from that access list.

After you restart bind, anyone who is not authorized to use the DNS server will not be able to resolve anything, and the server's log will fill up with lines like the following:

Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.70#58072: query (cache) ‘borhanoudz.no-ip.biz/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.242#1043: query (cache) ‘www.kevche.com/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.70#51444: query (cache) ‘borhanoudz.no-ip.biz/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.182#57970: query (cache) ‘urs.microsoft.com/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.70#60347: query (cache) ‘borhanoudz.no-ip.biz/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.134#1139: query (cache) ‘www.mywebsearch.com/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.188#60128: query (cache) ‘www.mywebsearch.com/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.70#61412: query (cache) ‘borhanoudz.no-ip.biz/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.70#53057: query (cache) ‘borhanoudz.no-ip.biz/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.134#1139: query (cache) ‘www.mywebsearch.com/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.70#54304: query (cache) ‘borhanoudz.no-ip.biz/A/IN’ denied
Jan 29 13:31:58 ns1 named[2182]: client 172.11.XX.188#49513: query (cache) ‘www.mywebsearch.com/A/IN’ denied
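
The following Python script is an added example, not part of the original post: it tallies "denied" lines like the ones above per client and per queried name, and flags any refused client that falls inside allow_networks, which would mean the ACL is not taking effect as intended. The sample log lines, addresses and names are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Networks copied from the acl "allow_networks" in named.conf.options above.
ALLOWED = [ipaddress.ip_network(n) for n in ("172.16.0.0/16", "11.81.22.0/24")]

# named's refusal message; newer BIND releases add "@0x..." and "(qname)" fields.
DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[\w-]+)/\w+' denied"
)

# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE_LOG = """\
Jan 29 13:31:58 ns1 named[2182]: client 192.0.2.70#58072: query (cache) 'host.example.net/A/IN' denied
Jan 29 13:31:58 ns1 named[2182]: client 192.0.2.70#51444: query (cache) 'host.example.net/A/IN' denied
Jan 29 13:31:59 ns1 named[2182]: client 198.51.100.9#1043: query (cache) 'www.example.com/A/IN' denied
Jan 29 13:32:00 ns1 named[2182]: client 172.16.4.20#40000: query (cache) 'www.example.org/AAAA/IN' denied
Jan 29 13:32:01 ns1 named[2182]: zone example.com/IN: loaded serial 2024012901
"""

def in_acl(ip):
    """True if the address falls inside one of the ALLOWED networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in ALLOWED)

def summarize(lines):
    """Count refusals per client and flag refused clients the ACL should admit."""
    per_client, per_name, unexpected = Counter(), Counter(), set()
    for line in lines:
        m = DENIED_RE.search(line)
        if not m:
            continue  # not a refusal message
        ip = m["ip"]
        try:
            inside = in_acl(ip)
        except ValueError:
            continue  # masked or malformed address
        per_client[ip] += 1
        per_name[m["qname"].lower()] += 1
        if inside:
            unexpected.add(ip)  # ACL says allowed, yet named refused it
    return per_client, per_name, unexpected

if __name__ == "__main__":
    clients, names, unexpected = summarize(SAMPLE_LOG.splitlines())
    for ip, n in clients.most_common():
        print(f"{ip:15} {n:3} denied" + ("  <- inside allow_networks" if ip in unexpected else ""))
```

A client that keeps repeating the same refused name, as in the log above, shows up at the top of the per-client count.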
